[analog-help] is it me or analog 6?

Fri, 08 Sep 2006 08:48:09 -0700

I have been over this and over this, and whittled my log file down to a single line to try and make it easy to analyze.
I swear, analog is ignoring my LOGFORMAT and APACHEDEFAULTLOGFORMAT entries in my cfg file.
Either that or I'm seriously blind and screwed it up. So I'm resorting to the list for help.

I collect web server logs from multiple servers via syslog-ng. So already things are difficult.
syslog-ng will cut an entry off after so many characters so I configure Apache to not log the date. I will also need to get analog to parse syslog'ed IIS logs, but that is after this works right.

Here is a log entry:
Sep  5 2006 08:37:10 server1 apache: [ID 702911 local7.info] 10.10.10.116 mlanli "GET /cams/check_passwd.jsp?www-d.testdomain.test%3A1532%2Fhtmldb%2Fplsql%2Ff%3Fp%3D4550%3A1%3A1994113970140610611%3A%3A%3A%3AFSP_AFTER_LOGIN_URL%3Af%3Fp%3D4350%7C1%7C4376866936419390396&cams_server=issauthd1.jsc.nasa.gov HTTP/1.1" 200 - 0 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; company Kit; .NET CLR 1.1.4322)"

Here is my config, and the output of my running analog.
See how it ignores my FORMAT entry and tries to grab the hour as the host? This is an improvement, it was grabbing the day-of-month.
I'm running on Solaris 10.

Please oh please oh please help. Thanks!

CFG:
DEBUG ON
WARNINGS ON
CASE INSENSITIVE
REQUEST ON
DIRFLOOR 100r
DIRSORTBY REQUESTS
MONTHLY ON
DIRECTORY ON
HOST ON
DOMAIN ON
HOSTEXCLUDE 10.1.3.
FAILURE ON
REFERER ON
SUBDIRFLOOR 100r
SUBDIRSORTBY REQUESTS
FILEALIAS */act/* /act/
FILEALIAS */ifi/* /IFI/
HOSTNAME www-d
HOSTURL http://www-d.testdomain.test/
LANGUAGE US-ENGLISH
APACHEDEFAULTLOGFORMAT (%M  %d %Y %h:%n:%j] %S %u \"%r\" %c %b %T \"%f\" \"%B\")
LOGFILE unix.log
OUTFILE /systems/webreports/test/index.html


# ./analog
./analog: analog version 6.0/Unix
F: Closing configuration file /admin/src/analog-6.0/analog.cfg
F: Opening /admin/src/analog-6.0/lang/us.lng as language file
F: Closing language file /admin/src/analog- 6.0/lang/us.lng
F: Opening /admin/src/analog-6.0/lang/usdom.tab as domains file
F: Closing domains file /admin/src/analog-6.0/lang/usdom.tab
F: Opening /admin/src/analog-6.0/lang/usdesc.txt as report descriptions file
F: Closing report descriptions file /admin/src/analog-6.0/lang/usdesc.txt
F: Opening /admin/src/analog-6.0/unix.log as logfile
F: Closing logfile /admin/src/analog-6.0/unix.log
S: Successful requests: 1
S: Redirected requests: 0
S: Failed requests: 0
S: Requests returning informational status code: 0
S: Status code not given: 0
S: Unwanted lines: 0
S: Corrupt lines: 0
S: No times in logfile
F: Opening /systems/webreports/test/index.html as output file
./analog: Warning R: Turning off empty time reports
  (For help on all errors and warnings, see docs/errors.html)
./analog: Warning R: Turning off empty Failure Report
V: 08
./analog: Warning R: Turning off empty Referrer Report
./analog: Warning R: Turning off empty Search Word Report
./analog: Warning R: Turning off empty Operating System Report
./analog: Warning R: Turning off empty Status Code Report
V: 08
./analog: Warning R: In Domain Report, turning off empty pie chart
./analog: Warning R: In Organisation Report, turning off pie chart of only one
  wedge
./analog: Warning R: In Host Report, turning off pie chart of only one wedge
./analog: Warning R: In File Size Report, turning off pie chart of only one
  wedge
./analog: Warning R: In File Type Report, turning off empty pie chart
./analog: Warning R: In Directory Report, turning off pie chart with no wedges
./analog: Warning R: In Request Report, turning off pie chart with no wedges
F: Closing /systems/webreports/test/index.html



So..... I've messed around a little with the logfile (cleaned it up, filled in referer with something), the cfg (trying %s for IP instead of host), and get a little bit different results. It seems to barf on the first dot in the IP address of the client (in case the mail doesn't line it up right).
APACHEDEFAULTLOGFORMAT (%M  %d %Y %h:%n:%j] %s %u \"%r\" %c %b %T \"%f\" \"%B\")

Sep  5 2006 08:37:10 server1 apache: [ID 702911 local7.info] 10.10.10.116 mlanli "GET /cams/check_passwd.jsp HTTP/1.1" 200 1206 0 "http://www.nowhere.test/prelink" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; company Kit; .NET CLR 1.1.4322)"



# ./analog
./analog: analog version 6.0/Unix
F: Closing configuration file /admin/src/analog-6.0/analog.cfg
F: Opening /admin/src/analog-6.0/lang/us.lng as language file
F: Closing language file /admin/src/analog-6.0/lang/us.lng
F: Opening /admin/src/analog-6.0/lang/usdom.tab as domains file
F: Closing domains file /admin/src/analog-6.0/lang/usdom.tab
F: Opening /admin/src/analog- 6.0/lang/usdesc.txt as report descriptions file
F: Closing report descriptions file /admin/src/analog-6.0/lang/usdesc.txt
F: Opening /admin/src/analog-6.0/unix.log as logfile
C: Sep  5 2006 08:37:10 server1 apache: [ID 702911 local7.info] 10.10.10.116 mlanli "GET /cams/check_passwd.jsp HTTP/1.1" 200 - 0 "http://www.nowhere.test/prelink " "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; company Kit; .NET CLR 1.1.4322)"
C:                                                                 *
F: Closing logfile /admin/src/analog- 6.0/unix.log
S: Successful requests: 0
S: Redirected requests: 0
S: Failed requests: 0
S: Requests returning informational status code: 0
S: Status code not given: 0
S: Unwanted lines: 0
S: Corrupt lines: 1




--
-Kevin

+------------------------------------------------------------------------
|  TO UNSUBSCRIBE from this list:
|    http://lists.meer.net/mailman/listinfo/analog-help
|
|  Analog Documentation: http://analog.cx/docs/Readme.html
|  List archives:  http://www.analog.cx/docs/mailing.html#listarchives
|  Usenet version: news://news.gmane.org/gmane.comp.web.analog.general
+------------------------------------------------------------------------

Reply via email to